To become a CNA, we need to more clearly specifiy the scope of
security support. This change updates the document and points
to SUPPORT.md and pages generated from SUPPORT.md

Also fixed a typo in the following paragraph.

Signed-off-by: Lars Kurth <lars.kurth@citrix.com>
---
security-policy.pandoc | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/security-policy.pandoc b/security-policy.pandoc
index 5783183..6796220 100644
--- a/security-policy.pandoc
+++ b/security-policy.pandoc
@@ -19,7 +19,15 @@ Scope of this process
 This process primarily covers the [Xen Hypervisor
Project](index.php?option=com_content&view=article&id=82:xen-hypervisor&catid=80:developers&Itemid=484).
-Vulnerabilties reported against other Xen Project teams will be handled on a
+Specific information about features with security support can be found in
+
+1.  [SUPPORT.md](http://xenbits.xen.org/gitweb/?p=xen.git;a=blob;f=SUPPORT.md)
+    in the releases' tar ball and its xen.git tree and on
+    [web pages generated from the SUPPORT.md file](http://xenbits.xenproject.org/docs/support/)
+2.  For releases that do not contain SUPPORT.md, this information can be found
+    on the [Release Feature wiki page](https://wiki.xenproject.org/wiki/Xen_Project_Release_Features)
+
+Vulnerabilities reported against other Xen Project teams will be handled on a
best effort basis by the relevant Project Lead together with the Security
Response Team.
@@ -401,7 +409,7 @@ Change History
--------------
 <div class="box-note">
-
+-   **v3.18 April 9th 2017:** Added reference to SUPPORT.md
-   **v3.17 July 20th 2017:** Added Zynstra
-   **v3.16 April 21st 2017:** Added HostPapa
-   **v3.15 March 21st 2017:** Added CloudVPS (Feb 13) and BitDefender SRL
--
2.13.0